d65d583f567a0b97d47ab2b05ff13879_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d65d583f567a0b97d47ab2b05ff13879_JaffaCakes118
Size

80KB
MD5

d65d583f567a0b97d47ab2b05ff13879
SHA1

972ae8d88cbff700bd419fdcfb5e255e7b9e3251
SHA256

377a8889c12b0ffdc121e6d17cc035067dcc352d95baa921dc76479fb1ab6ed2
SHA512

c1714cc000ae375a7104859db639cf930b6a14ee1f598ce2b026871567f55608926abfe58c86a35b12d6032f7bbcc19f5315d1425bababc44aa5e2ffb495d6d9
SSDEEP

1536:lRC3S/yT20Q0zI7AlKITDy3MsSOeBaopWTWTw2:lRC3S/yT20bz0olOUaopWTW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d65d583f567a0b97d47ab2b05ff13879_JaffaCakes118

Files

d65d583f567a0b97d47ab2b05ff13879_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1a53564b06aa1a7cdb2edd3e59ef7923

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
SetUnhandledExceptionFilter
WaitForSingleObject
FreeConsole
SetEvent
CreateEventA
GetCurrentThreadId
WriteFile
ReadProcessMemory
FlushFileBuffers
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
SetStdHandle
lstrlenA
Sleep
DeleteFileA
SetLastError
GetLastError
OpenProcess
GetCurrentProcess
WriteProcessMemory
GetTickCount
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
lstrcatA
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
CloseHandle
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
ExitProcess
GetOEMCP
GetACP
LeaveCriticalSection
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
HeapSize
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TerminateProcess

user32

wsprintfA
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CloseDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop

advapi32

RegEnumValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

wininet

InternetOpenA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA

ws2_32

recv
send
setsockopt
connect
bind
gethostbyname
gethostname
inet_addr
htons
socket
closesocket

shlwapi

PathFindFileNameA

Exports

Exports

ServiceMain

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a53564b06aa1a7cdb2edd3e59ef7923

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

wininet

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB